Ancestory.com was breached by a mysterious and massive DDOS attack that completely shut down the popular website for nearly 24 hours.
The attack flooded Ancestry‘s servers with bogus traffic that camoflauged itself as legitimate visitors. No personal data was compromised, however.
The attack hit the site at 1:30 p.m. Mountain time on Monday and was brought more or less under control by 11:00am Tuesday MT, said Ancestry spokeswoman Heather Erickson.
As of Thursday, Ancestry was still digging out and trying to pinpoint where the attack originated.
“I can’t speak to the specific tech issues, but we’re really fortunate because none of our data was compromised,” Erickson said.
Ancestry is a popular geneaology research site, founded in 1997. It has 2.1 million subscribers.
“The intent was to take us down. But given the attack and what happened, were not going into specifics of how we were breached,” Erickson said.
Ancestry is working with outside organizations to assess the damage. Erickson declined to say who they were.
Ancestry is lucky, unlike retailers Target and Neiman Marcus, whose sites were pulverized in late December by a highly effective attack that breached their firewalls. Hackers then ripped off PIN data while making off with 100 million users’ personal data, such as social security numbers and bank information.
Target took heat for backpedaling on announcing the attack to customers and the public. The hackers then dumped the info on the thriving black market for stolen credit cards.
The Salt Lake City-based company pulled in $561 million in revenue last year. Ancestry is owned by European private equity firm Permira.
Whoever attacked the site had some serious chops, even if they were unable to take the site down permanently.
“We’re still recovering and working to get all our sites up and running,” Erickson said.
You can't solo security COVID-19 game security report: Learn the latest attack trends in gaming. Access here